From d64679014b5eb6b36594f5d7062ad07f9ef198ab Mon Sep 17 00:00:00 2001
From: Niels Keurentjes
Date: Sat, 25 Mar 2017 00:33:11 +0100
Subject: [PATCH] [WebProfilerBundle] Normalize whitespace in exceptions passed in headers

If an exception was thrown with line separators in its message the WebProfiler would cause an exception by passing it through unsanitized into the X-Debug-Error HTTP header. This commit fixes that by replacing all whitespace sequences with a single space in the header.
---
 .../EventListener/WebDebugToolbarListener.php | 2 +-
 .../WebDebugToolbarListenerTest.php | 21 +++++++++++++++++++
 2 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/src/Symfony/Bundle/WebProfilerBundle/EventListener/WebDebugToolbarListener.php b/src/Symfony/Bundle/WebProfilerBundle/EventListener/WebDebugToolbarListener.php
index 71c5090fc8a5..09d2b9ba92e5 100644
--- a/src/Symfony/Bundle/WebProfilerBundle/EventListener/WebDebugToolbarListener.php
+++ b/src/Symfony/Bundle/WebProfilerBundle/EventListener/WebDebugToolbarListener.php
@@ -68,7 +68,7 @@ public function onKernelResponse(FilterResponseEvent $event)
 $this->urlGenerator->generate('_profiler', array('token' => $response->headers->get('X-Debug-Token')))
 );
 } catch (\Exception $e) {
- $response->headers->set('X-Debug-Error', get_class($e).': '.$e->getMessage());
+ $response->headers->set('X-Debug-Error', get_class($e).': '.preg_replace('/\s+/', ' ', $e->getMessage()));
 }
 }
 
diff --git a/src/Symfony/Bundle/WebProfilerBundle/Tests/EventListener/WebDebugToolbarListenerTest.php b/src/Symfony/Bundle/WebProfilerBundle/Tests/EventListener/WebDebugToolbarListenerTest.php
index 446aefb793e8..a121035b7d53 100644
--- a/src/Symfony/Bundle/WebProfilerBundle/Tests/EventListener/WebDebugToolbarListenerTest.php
+++ b/src/Symfony/Bundle/WebProfilerBundle/Tests/EventListener/WebDebugToolbarListenerTest.php
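Review bot: In the catch branch of onKernelResponse in WebDebugToolbarListener.php, `/\s+/` collapses only whitespace, so any other control byte in the exception message (a NUL, for instance) still reaches the `X-Debug-Error` value, and the length of that value is not bounded. Whether the header layer rejects such bytes the way it rejects line breaks is not visible here, but if it does the original failure would recur; a wider class covers it, e.g. `preg_replace('/[\x00-\x20\x7F]+/', ' ', $e->getMessage())`. Exception messages may embed request-derived text, so a one-line comment above the call such as `// header values must stay on one line: strip control characters from the message` would help the next reader keep the guard in place. The body of onKernelResponse starts and ends outside the hunk.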
@@ -228,6 +228,27 @@ public function testThrowingUrlGenerator()
 $this->assertEquals('Exception: foo', $response->headers->get('X-Debug-Error'));
 }
 
+ public function testThrowingErrorCleanup()
+ {
+ $response = new Response();
+ $response->headers->set('X-Debug-Token', 'xxxxxxxx');
+
+ $urlGenerator = $this->getUrlGeneratorMock();
+ $urlGenerator
+ ->expects($this->once())
+ ->method('generate')
+ ->with('_profiler', array('token' => 'xxxxxxxx'))
+ ->will($this->throwException(new \Exception("This\nmultiline\r\ntabbed text should\tcome out\r on\n \ta single plain\r\nline")))
+ ;
+
+ $event = new FilterResponseEvent($this->getKernelMock(), $this->getRequestMock(), HttpKernelInterface::MASTER_REQUEST, $response);
+
+ $listener = new WebDebugToolbarListener($this->getTwigMock(), false, WebDebugToolbarListener::ENABLED, 'bottom', $urlGenerator);
+ $listener->onKernelResponse($event);
+
+ $this->assertEquals('Exception: This multiline tabbed text should come out on a single plain line', $response->headers->get('X-Debug-Error'));
+ }
+
 protected function getRequestMock($isXmlHttpRequest = false, $requestFormat = 'html', $hasSession = true)
 {
 $request = $this->getMock(
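Review bot: The fixture in testThrowingErrorCleanup exercises only `\n`, `\r`, `\t` and spaces and pins one exact output string, so the property that matters for the header (no control character survives in the value) is never asserted directly. Adding `$this->assertNotRegExp('/[\x00-\x1F\x7F]/', $response->headers->get('X-Debug-Error'));` next to the existing `assertEquals` would state that property and keep guarding it if the message fixture is later changed. The method lies entirely inside the hunk.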